IBM i PTF Guide, Volume 20, Number 3: Important Update For Spectre/Meltdown
January 22, 2018 Doug Bidwell
There has been an important development in the area of the Spectre and Meltdown security vulnerabilities as they relate to Power Systems. As you can see from this follow-on notice from January 15, IBM’s Product Security Incident Response Team (PSIRT) has classified these vulnerabilities as “High Severity.” That rating is more a reflection of the potential threat they represent, given the nature of speculative execution in Power (and other) processors, than of an actual exploit in the wild that is using these vulnerabilities to get access to unauthorized information on systems.
We have a little more information to add to the ongoing Spectre and Meltdown saga this week. We are repeating the licensed internal code (LIC) PTFs that are available for each of the releases:
These must be ordered individually, but are not as yet included in either the HIPER or Security PTF Groups. (That seemed strange last week and still is strange this week!)
The cover letters for the LIC PTFs state that they can be put on with an IPL, but that they do not completely mitigate the issue(s) until the Power Systems firmware is patched as well. And then things get even more strange. As we pointed out last week, there are firmware patches for Power8 and Power7+ systems, but they are for firmware, and not, as we in IBM i Land would expect, in the form of an “MH” PTF. Those can require a disruptive install, meaning an IPL. This Sunday, we see that these MH-class PTFs are out.
For OS managed firmware systems:
The Power8 and Power8+ firmware fix for SC860_138_056/FW860.42 is MH01739.
The Power7 and Power7+ firmware fix for AL770_120_032/FW770.91 is MH01740.
Both the appropriate OS PTF and the firmware fix are required to completely mitigate the risk from the vulnerability. The best resource for firmware updates is the following link: http://www-01.ibm.com/support/docview.wss?uid=isg3T1026811.
There was no other activity this week in PTF Land.
As usual, we have included an archive of the IBM i PTF Guide to help you work through the PTFs in chronological order, which you can see below: